VMware 2015: Next Horizon for Cloud Networking and Security

Date posted: 06-Apr-2017
Uploaded by: vmworld
The Next Horizon for Cloud Networking and Security. Guido Appenzeller, VMware, Inc. Session NET6639-S, #NET6639
Transcript

The Next Horizon for Cloud Networking and Security
Guido Appenzeller, VMware, Inc

NET6639-S #NET6639

1

Disclaimer

This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.

CONFIDENTIAL

2

The Next Horizon for Cloud Networking and Security

Guido Appenzeller
Chief Technology & Strategy Officer, Networking & Security, VMware

Great to be here. Exciting session. Live demos. I hope they work. Before we start, reflect on NSX.

3

NSX Customer and Business Momentum
65+ organizations have invested $1M+ in NSX
700+ NSX customers
100+ production deployments (adding 25-50 per quarter)

NSX has been an incredible success. - 700, 100, 65

4

Networking is a Software Industry

The bigger picture is that there has been a tectonic shift in networking. Today networking is a SW industry. Capabilities of a network today are defined by software that is independent of the HW. SW and HW industries are fundamentally different. Blockbuster vs. Netflix. Borders vs. Amazon. IBM Mainframes vs. Microsoft.

5

Two Tier Infrastructure Model
VM or server workloads and network are separate security domains
[Diagram: Physical Servers / Physical Network Infrastructure / Internet]

Used to be HW server and network. Capabilities of the network were defined by HW. Wanted new capabilities, buy new HW.

6

Two Tier Infrastructure Model
VM or server workloads and network are separate security domains
[Diagram: Virtual Machines / Physical Network Infrastructure / Internet]

Network Virtualization
NSX provides connectivity, security and services across your end points
[Diagram: Virtual Machines / Physical Network Infrastructure / Internet]
Virtual Infrastructure
Application Demands: Many different applications; Different compliance & security needs; Frequent change
Hardware Complexity: Multiple vendors; Different architectures; Multiple locations
NSX Network Virtualization: Speed & Automation; Agility; Security & Policy

Capabilities of the network defined in SW. DF as a software update. Doesn't require a new box. NSX provides 3 things: Speed & Automation; Agility (different apps & HW); Security.

8

Network Virtualization
NSX provides connectivity, security and services across your end points
[Diagram: Virtual Machines / Applications / Physical Network Infrastructure / Internet]
Virtual Infrastructure
Multiple Hypervisor Support: vSphere/ESXi; KVM
Hardware Complexity: Multiple vendors; Different architectures; Multiple locations
NSX Network Virtualization: Automation; Security & Policy; Service Insertion

Everyone knows NSX is the market leader for vSphere. We are also the market leader for open source hypervisors.

9

NSX in Open Source Environments
60 organizations contributing to Open vSwitch
20% of NSX production deployments use OpenStack
100k+ KVM VMs in a single NSX deployment

Foundation: OVS. 60 orgs, including competitors. All agree we need a solid open source foundation. OpenStack: 20% of production deployments. Huge. Talked to customers that have run over 100k VMs with networks powered by NSX.

10

[Diagram: Virtual Machines / Applications / Physical Network Infrastructure / Internet / Virtual Infrastructure]
NSX: The market leader for Virtual Networking, for ESX and Open Source

Where do we go from here?

Today I want to give you a sneak preview of what we are working on. What you are seeing are not today's products. We are not announcing anything: no ship dates, no features of existing products, no new products. But this is where we think we will go next.

12

Containers
Containers are emerging as the application management layer of choice
[Diagram: VM Applications: Host / Hypervisor / three VMs, each with App, bin/libs, OS. Application Containers: Host / Containers / bin/libs / nine App containers]

NSX Container Deployments Today
Containers run inside of VMs
Group containers of one application inside a VM
Containers often behind NAT
No container level networking

Does this make sense? It actually does. This is how enterprises are using NSX containers.
[Diagram: Hypervisor / vSwitch / two VMs, each holding four containers]

14

Container Security
Vulnerable Application
[Diagram: Internet -> Port 80 -> four Website containers; Internal network: two Vault containers, Database]

Explanation: WebSite App (blue) is internet facing. Vault App (green) is internal only. Hack WebSite App, then hop to Vault and attach DB.

15

Application Level Vulnerability
Improving the capacity indicator

16

Containers: do we still need a Hypervisor?
Lack of isolation allows an attacker to move around
[Diagram: Internet -> Port 80 -> four Website containers; Internal network: two Vault containers, Database, Confidential Information]


17

Containers: do we still need a Hypervisor?
Privilege escalation can lead to container host compromise
[Diagram: Internet -> Port 80 -> four Website containers; Internal network: two Vault containers, Database, Confidential Information]


18

Containers: do we still need a Hypervisor?
NSX provides segmentation, visibility and integration
[Diagram: Internet -> Port 80 -> four Website containers; Internal network; Datacenter: Physical Network Infrastructure, two Vault containers, Database; Honey Pot; Vulnerability Scanner]
Micro-segmentation
Alert
Connection to data center


19


Why NSX for Containers?
Segment Applications: Stateful Firewall; Limit Attackers' Movement
Monitoring: Per-flow tracking; Alerts for suspicious behavior; Virtual taps
Security, Incident Response, Forensics; Access to backend systems

21
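The slides above (vulnerable Website app, internal-only Vault app, and the NSX answer of micro-segmentation with a stateful firewall, per-flow tracking and alerts) describe a policy model without showing one. The following is an added illustration, not code from the talk and not NSX's API: a small stateful segmentation engine over a constructed inventory of containers. The inventory, the security-group names, the hypothetical `POLICY` rules and the ports are all assumptions made for the example. It shows the default-deny posture, the allowed Website-to-Database path, the stateful return path, and how a Website-to-Vault hop is dropped and raises an alert rather than silently passing.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed inventory (assumption): workload name -> security group.
GROUPS: Dict[str, str] = {
    "website-1": "website", "website-2": "website",
    "vault-1": "vault", "vault-2": "vault",
    "db-1": "database",
}
INTERNET = "internet"  # any source that is not in the inventory


@dataclass(frozen=True)
class Rule:
    src: str             # security group, or "internet" / "any"
    dst: str             # security group
    port: int            # destination TCP port; 0 matches any port
    action: str          # "allow" or "deny"
    alert: bool = False  # record an alert when this rule fires


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    port: int          # destination port of the forward direction
    syn: bool = True   # True for a new connection, False for reply/later packets


@dataclass
class Segmenter:
    """Default-deny, stateful, group-based firewall (hypothetical, for illustration)."""
    rules: List[Rule]
    flows: Set[Tuple[str, str, int]] = field(default_factory=set)
    alerts: List[str] = field(default_factory=list)

    def _group(self, name: str) -> str:
        return GROUPS.get(name, INTERNET)

    def _match(self, pkt: Packet) -> Optional[Rule]:
        sg, dg = self._group(pkt.src), self._group(pkt.dst)
        for r in self.rules:  # first match wins
            if r.src in (sg, "any") and r.dst == dg and r.port in (0, pkt.port):
                return r
        return None

    def evaluate(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.dst, pkt.port)
        rev = (pkt.dst, pkt.src, pkt.port)
        if not pkt.syn:
            # Stateful path: only packets of an already-allowed flow pass, in either direction.
            if fwd in self.flows or rev in self.flows:
                return "allow"
            self.alerts.append(f"unsolicited packet {pkt.src}->{pkt.dst}:{pkt.port} (no flow state)")
            return "drop"
        rule = self._match(pkt)
        if rule is None or rule.action == "deny":
            if rule is not None and rule.alert:
                self.alerts.append(
                    f"policy violation {pkt.src}({self._group(pkt.src)})->"
                    f"{pkt.dst}({self._group(pkt.dst)}):{pkt.port}")
            return "drop"  # implicit default deny when no rule matches
        self.flows.add(fwd)  # remember the flow so replies are accepted
        return "allow"


# Hypothetical policy for the Website / Vault / Database scenario on the slides.
POLICY: List[Rule] = [
    Rule("internet", "website", 80, "allow"),
    Rule("website", "database", 5432, "allow"),
    Rule("vault", "database", 5432, "allow"),
    Rule("website", "vault", 0, "deny", alert=True),   # lateral movement: drop and alert
    Rule("internet", "vault", 0, "deny", alert=True),  # Vault is internal only
]


def run_demo() -> List[Tuple[str, str]]:
    """Replay a constructed packet sequence and return (description, decision) pairs."""
    seg = Segmenter(list(POLICY))
    steps = [
        ("internet -> website-1:80 (new)", Packet("203.0.113.5", "website-1", 80)),
        ("website-1 -> db-1:5432 (new)", Packet("website-1", "db-1", 5432)),
        ("db-1 -> website-1 reply", Packet("db-1", "website-1", 5432, syn=False)),
        ("website-1 -> vault-1:8200 (new)", Packet("website-1", "vault-1", 8200)),
        ("internet -> db-1:5432 (new)", Packet("203.0.113.5", "db-1", 5432)),
    ]
    return [(desc, seg.evaluate(pkt)) for desc, pkt in steps]


if __name__ == "__main__":
    for desc, decision in run_demo():
        print(f"{decision:5s}  {desc}")
```

The engine keys flow state on the forward 3-tuple, so the Database's reply to the Website is accepted without a rule of its own, while a Vault container sending an unsolicited packet to a Website container is dropped and logged: this is the "per-flow tracking" and "alerts for suspicious behavior" from the slide, reduced to its essentials.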

Network Virtualization
NSX provides support for third generation applications
[Diagram: Virtual Machines / Applications / Physical Network Infrastructure / Internet]
Virtual Infrastructure
Application Demands: vSphere/ESXi; KVM; Third Generation Applications
Hardware Complexity: Multiple vendors; Different architectures; Multiple locations
NSX Network Virtualization: Automation; Security & Policy; Service Insertion

22

The Public Cloud
New Opportunities: On-demand resources; Capacity in any geography; Instant provisioning
New Challenges: Security & Compliance; Connectivity with on-premises; Cloud lock-in

And there is one more thing, called the cloud.

23

Power of Cloud: Workload Mobility
[Diagram: three APP workloads]

Lock-In Through Services
[Diagram: three clouds, each with Storage Service, Load Balancing Service, Firewall Service and an APP]

Cloud: Just New Silos?
[Diagram: three clouds, each with Storage Service, Load Balancing Service, Firewall Service and an APP]

NSX
BYOI: Bring Your Own Infrastructure
[Diagram: NSX spanning three clouds, each with Storage Service, Load Balancing Service, Firewall Service; six APP workloads]

Tech-Preview: NSX for Amazon Web Services
Native support for AWS instances with coherent services and security posture for on and off-premise
[Diagram: Data Center: Web Server, HR Server; IT Administrator defines network and security policy; Internet]

28

NSX for Amazon Web Services
Native support for AWS instances with coherent services and security posture for on and off-premise
[Diagram: Data Center: Web Server, HR Server; IT Administrator defines network and security policy; Internet]

29

NSX for Amazon Web Services
On-Premise NSX/vSphere: AWS instances are added to logical switch; Consistent security posture on-premise and in cloud; AWS instances leverage services
Native support for AWS instances with coherent services and security posture for on and off-premise
[Diagram: Data Center: Web Server, HR Server; AWS Cloud; Developer launches instances via Amazon console; Amazon Web Services: native AWS server instances (AMIs) added to NSX virtual networks via policy; IT Administrator defines network and security policy; Internet]

30

NSX Tomorrow: Virtual Networking for all Platforms
Wherever you go, NSX is there to help you.
[Diagram: Physical Network / Virtual Infrastructure]

NSX Tomorrow
Speed: Provision connectivity for any endpoint across different domains.
Agility: Automate provisioning via templates and rich APIs.
Security: Consistent security posture and visibility across all types of endpoints.
On-Premise Data Center / 3rd Generation Apps / Public Clouds / Virtual Desktop / Mobile Devices

Explain vision: Speed, Agility, Security. The future of your IT org will be complicated: on premise vs cloud, 2nd gen vs 3rd gen, IaaS vs PaaS, OSS vs CS, mobile users. If there is one thing I want you to take away from this session, it is that whatever you do, NSX is there for the journey and will help you to be fast, agile and secure.

32

Thank you!

33


Containers + Public Cloud + NSX

To some of you, this may

SW and HW industries are fundamentally different. Blockbuster vs. Netflix. Borders vs. Amazon. IBM Mainframes vs. Microsoft.

35

NSX + Public Cloud + Containers

36

[Map: Sydney, Hong Kong, Palo Alto, Chicago, Dallas, Virginia, Seattle]
500 Web Servers; 7 data centers; 3 continents; 2 public clouds + 1 on premise; in 5 minutes

37

